AMENDMENTS TO THE CLAIMS

Please cancel claim 25 and amend claims 11-24 and 26 as follows. 

The following listing of claims replaces all prior versions and listings of claims in the 
application. 

Listing of Claims:

1.-10. (Canceled).

11. (Currently Amended) A method for configuring a firewall (1) in a computer system (2) comprising objects (3), and resources (4), for establishing an access control policy for the objects (3), A method for controlling access to network resources, comprising:

grouping the objects (3) of the system into internal and external protection domains (5, 6),

ensuring establishing a firewall (1) for protection of an internal domain (5) relative to an external domain (6), and

applying to the firewall a rule for controlling access between a source resource (4) and a destination resource only if said source and destination resources belong to the same internal or external protection domain (5 or 6)

at a central configuration machine:

defining an internal protection domain for each of a plurality of firewalls, each internal protection domain including at least one zone, each zone having at least one access-controlled network resource;

defining at least one external protection domain for the plurality of firewalls, the external protection domain including at least one zone having at least one access-controlled network resource;

creating a plurality of resource groups, each resource group including at least one zone;

specifying an access control rule, including a scope, for each resource group;

configuring each firewall using the access control rules; and

at each firewall:

in response to a request to access a destination network resource received from a source network resource, determining whether to apply the access control rule specified for the resource group associated with the destination network resource based on the scope of the access control rule.

12. (Currently Amended) A method according to claim 11, further comprising:

determining the protection domain of the access-controlled network resources (4) by means of using firewall network interfaces (10) through which communications pass in order to reach said access-controlled network resources.

13. (Currently Amended) A method according to claim 12, further comprising:

defining zones (0) comprising networks or subnetworks,

associating the each firewall network interfaces (10) of firewalls to which said zones are connected with an internal or external protection domain,

determining the incoming and outgoing firewall network interfaces (10) of current traffic,

analyzing whether said the incoming and outgoing firewall network interfaces are attached to an internal or external protection domain, and

applying the rule for controlling access only if both the incoming and outgoing firewall network interfaces are attached to the same internal protection domain (5), and the access-controlled network resources belong to the same protection domain.

14. (Currently Amended) A method according to claim 11, characterized in that it composes groups of objects (3) for which the access control policy is identical and wherein the rule for controlling access is applied between each of the access-controlled network resources of a source resource group and a destination resource group.

15. (Currently Amended) A method according to claim 12, characterized in that it composes groups of objects (3) for which the access control policy is identical and wherein the rule for controlling access is applied between each of the access-controlled network resources of a source resource group and a destination resource group.

16. (Currently Amended) A method according to claim 13, characterized in that it composes groups of objects (3) for which the access control policy is identical and wherein the rule for controlling access is applied between each of the access-controlled network resources of a source resource group and a destination resource group.

17. (Currently Amended) A method according to claim 11, further comprising:

characterizing specifying the scope of each rule for controlling access with as local or global scope,

when the scope of the rule is local, applying the rule to the access-controlled network resources in question only if said access-controlled network resources belong to the same internal or external protection domain (5) or (6) when the scope of the rule is local, and

when the scope of the rule is global, applying the rule to all of the access-controlled network resources in question when the scope of the rule is global.

18. (Currently Amended) A method according to claim 12, further comprising:

characterizing specifying the scope of each rule for controlling access with as local or global scope,

when the scope of the rule is local, applying the rule to the access-controlled network resources in question only if said access-controlled network resources belong to the same internal or external protection domain (5) or (6) when the scope of the rule is local, and

when the scope of the rule is global, applying the rule to all of the access-controlled network resources in question when the scope of the rule is global.

19. (Currently Amended) A method according to claim 13, further comprising:

characterizing specifying the scope of each rule for controlling access with as local or global scope,

when the scope of the rule is local, applying the rule to the access-controlled network resources in question only if said access-controlled network resources belong to the same internal or external protection domain (5) or (6) when the scope of the rule is local, and

when the scope of the rule is global, applying the rule to all of the access-controlled network resources in question when the scope of the rule is global.

20. (Currently Amended) A method according to claim 14, further comprising:

characterizing specifying the scope of each rule for controlling access with as local or global scope,

when the scope of the rule is local, applying the rule to the access-controlled network resources in question only if said access-controlled network resources belong to the same internal or external protection domain (5) or (6) when the scope of the rule is local, and

when the scope of the rule is global, applying the rule to all of the access-controlled network resources in question when the scope of the rule is global.

21. (Currently Amended) A method according to claim 15, further comprising:

characterizing specifying the scope of each rule for controlling access with as local or global scope,

when the scope of the rule is local, applying the rule to the access-controlled network resources in question only if said access-controlled network resources belong to the same internal or external protection domain (5) or (6) when the scope of the rule is local, and

when the scope of the rule is global, applying the rule to all of the access-controlled network resources in question when the scope of the rule is global.

22. (Currently Amended) A method according to claim 16, further comprising:

characterizing specifying the scope of each rule for controlling access with as local or global scope,

when the scope of the rule is local, applying the rule to the access-controlled network resources in question only if said access-controlled network resources belong to the same internal or external protection domain (5) or (6) when the scope of the rule is local, and

when the scope of the rule is global, applying the rule to all of the access-controlled network resources in question when the scope of the rule is global.

23. (Currently Amended) A device for configuring a firewall (1) in a computer system (2) A system for controlling access to network resources, comprising:



Atty Dkt: T3264-906761



resources (4) including objects (3) having an access control policy and an established central configuration machine (11) for grouping the objects (3) of the system into internal (5) and external (6) protection domains,

a firewall (1) ensuring the protection of an internal domain (5) relative to an external domain (6), and

means for applying to the firewall in question a rule for controlling access between a source resource (4) and a destination resource only if said source and destination resources belong to the same protection domain (5) or (6)

an external network including at least one external subnetwork having at least one network resource;

a plurality of firewalls, coupled to the external network, each firewall including at least one internal subnetwork, each internal subnetwork having at least one access-controlled network resource; and

a central configuration machine, coupled to the external network, adaptively configured to:

define an internal protection domain for each of the plurality of firewalls, each internal protection domain including a zone corresponding to each internal subnetwork,

define an external protection domain for the plurality of firewalls, the external protection domain including a zone corresponding to each external subnetwork,

create a plurality of resource groups, each resource group including at least one zone,

specify an access control rule, including a scope, for each resource group, and

configure each firewall using the access control rules.

24. (Currently Amended) A device according to claim 23, characterized in that it further comprises wherein the central configuration machine includes a graphical interface (45) from which an administrator (7) can enter the protection domains (5) and (6) and the access control rules.

25. (Canceled). 

26. (Currently Amended) A device according to claim 24, characterized in that wherein the graphical interface allows the administrator to define a local or global scope for the access control rule, and in that the machine (14) applies the rule to the resources in question only if said resources belong to the same protection domain (5) or (6) when the scope of the rule is local, and applies the rule to all of the resources in question when the scope of the rule is global.